Environment:
Vault Server Version (retrieve with vault status):
```
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          true
Total Shares    1
Threshold       1
Unseal Progress 0/1
Unseal Nonce    n/a
Version         1.17.2
Build Date      2024-07-05T15:19:12Z
Storage Type    file
HA Enabled      false
```
Vault CLI Version (retrieve with vault version):
```
Vault v1.17.2 (2af5655e364f697a15b1dc2db2c3f85f6ef949f2), built 2024-07-05T15:19:12Z
```
Same config, same stack trace, same subpath with ldap/Active Directory, clustered server with raft backend.
Happens as soon as you restart one of the servers or seal/unseal it; all of the other servers crash and restart.
```
Aug 28 11:34:28 server3 vault[297000]: 2024-08-28T11:34:28.212+0200 [INFO] core: usage gauge collection is disabled
Aug 28 11:34:28 server3 vault[297000]: 2024-08-28T11:34:28.212+0200 [INFO] secrets.ldap.ldap_d49f9119: initializing database rotation queue
Aug 28 11:34:28 server3 vault[297000]: 2024-08-28T11:34:28.212+0200 [INFO] secrets.ldap.ldap_d49f9119: populating role rotation queue
Aug 28 11:34:28 server3 vault[297000]: panic: runtime error: invalid memory address or nil pointer dereference
Aug 28 11:34:28 server3 vault[297000]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6fd978d]
Aug 28 11:34:28 server3 vault[297000]: goroutine 778 [running]:
Aug 28 11:34:28 server3 vault[297000]: github.com/hashicorp/vault-plugin-secrets-openldap.(*backend).populateQueue(0xc002fbd780, {0xd03cb58, 0xc0039bc320}, {0xd03cff0, 0xc00342ca80})
Aug 28 11:34:28 server3 vault[297000]: /home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/rotation.go:67 +0x42d
Aug 28 11:34:28 server3 vault[297000]: github.com/hashicorp/vault-plugin-secrets-openldap.(*backend).initQueue(0xc002fbd780, {0xd03cb58, 0xc0039bc320}, 0xc003647ea0)
Aug 28 11:34:28 server3 vault[297000]: /home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/rotation.go:461 +0x107
Aug 28 11:34:28 server3 vault[297000]: created by github.com/hashicorp/vault-plugin-secrets-openldap.(*backend).initialize in goroutine 789
Aug 28 11:34:28 server3 vault[297000]: /home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/backend.go:101 +0xe8
```
Describe the bug
After adding a role with a subpath, like "ldap/static-role/dir1/user1", to the ldap secret engine, Vault gets into the following trouble:
1. It fails to start after a restart and unseal.
2. Before restarting, viewing the entry in the UI fails.
To Reproduce
Steps to reproduce the behavior:
The error can be reproduced with a clean container setup as follows.
Log of the complete script output:
reproduce_output.log
Expected behavior
Vault should not allow to add a bad entry with a subpath like "ldap/static-role/dir1/user1" if it can't deal with it afterwards.
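As an added illustration of the two controls this report points at (rejecting a nested role name at write time, and refusing to dereference a missing entry when the rotation queue is populated), here is example Go code that is not from Vault or the openldap plugin. It assumes a simplified in-memory storage whose list returns a nested entry as a `dir/` key, and every type and function name in it is hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical stand-ins for the plugin's role type and storage (not its real code).
type staticRole struct{ Name, Username string }
type memStorage map[string]*staticRole
// list mimics the assumed semantics of a Vault storage List: only direct children
// of the prefix come back, so "static-role/dir1/user1" surfaces as a "dir1/" key.
func (s memStorage) list(prefix string) []string {
	var keys []string
	for k := range s {
		if !strings.HasPrefix(k, prefix) {
			continue
		}
		rest := strings.TrimPrefix(k, prefix)
		if i := strings.Index(rest, "/"); i >= 0 {
			rest = rest[:i+1] // collapse "dir1/user1" into the directory key "dir1/"
		}
		keys = append(keys, rest)
	}
	return keys
}

// writeRole is the write-time check the report asks for: a name containing "/"
// would be stored as a nested path, so it is rejected before it is persisted.
func writeRole(s memStorage, name, username string) error {
	if name == "" || strings.Contains(name, "/") {
		return fmt.Errorf("invalid role name %q: must be non-empty and contain no '/'", name)
	}
	s["static-role/"+name] = &staticRole{Name: name, Username: username}
	return nil
}

// populateQueue loads every listed role. A directory key or a missing entry is
// returned as an error rather than dereferenced, so the server fails loudly at unseal.
func populateQueue(s memStorage) ([]string, error) {
	var queued []string
	for _, k := range s.list("static-role/") {
		role := s["static-role/"+k]
		if strings.HasSuffix(k, "/") || role == nil {
			return nil, fmt.Errorf("static-role/%s: not a loadable role entry", k)
		}
		queued = append(queued, role.Username)
	}
	return queued, nil
}
```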